Restricting Access to Plone Content for Multiple Audiences - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Restricting Access to Plone Content for Multiple Audiences

Description:

Health Insurance Company in Grand Rapids, Michigan (USA) Plone site ... (remove Anonymous view) Create role for each user group, grant role to group globally ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 11
Provided by: ededdi
Category:

less

Transcript and Presenter's Notes

Title: Restricting Access to Plone Content for Multiple Audiences


1
Restricting Access to Plone Content for Multiple
Audiences
  • An Example
  • (Ed Eddington)

2
Priority Health
  • www.priorityhealth.com
  • Health Insurance Company in Grand Rapids,
    Michigan (USA)
  • Plone site (content)
  • Perl (web apps)
  • Insuring 500,000 Members
  • 4 Audiences use our website

3
Audiences
  • 1. Anonymous users
  • General health and company information
  • 2. Members (500,000)
  • Health info and online apps
  • 3. Providers (1000 Doctors/Hospitals)
  • Provider info and apps
  • 4. Employers (1000 Businesses)
  • Employer info and apps
  • 5. Agents (50 Account managers)
  • Agent info and apps

4
Requirement Authentication
  • Assign users to groups
  • PlonePAS, etc.

5
Method 1 For 1 or 2 Groups
  • Use workflow to set object view permission
    (remove Anonymous view)
  • Create role for each user group, grant role to
    group globally
  • Create new workflow states Published-Role1,
    Published-Role2, etc. with view permission to
    each role
  • DCWorkflowDump

6
Method 2 MANY Audiences
  • Need a published state for every combination of
    view permissions
  • Or, use Local Roles!

7
Method 2 MANY Audiences
  • Add a View-Restricted role
  • Create new workflow state Published-Restricted
  • Add view permission to View-Restricted role in
    workflow.
  • Grant a group of users the local role
    View-Restricted on a folder
  • Can set local role on objects, too - /sharing tab

8
Hide Anonymous Content?
  • Problem ALL roles can view Anonymous content
  • What WE did Give Anonymous users a separate role
    (PH_Anonymous) by spoof in PAS plugin.
  • Remove default Anonymous view permission (turn
    off Aquire view perms)
  • Add view permission for new role.

9
Advanced hacks
  • Make /somefolder point to different content based
    on role
  • Add objects index_1, index_2 alongside
    index_html, set local roles
  • Create Apache 401 handler to make repeated
    requests for index_html, index_1, index_2, etc.

10
Ideas for Restricting Access?
  • Products? Ideas? Issues?
  • Shared Experiences?
  • Contact ed.eddington_at_priorityhealth.com
Write a Comment
User Comments (0)
About PowerShow.com